AWS Nitro System

A combination of dedicated hardware and lightweight hypervisor enabling faster innovation and enhanced security

The AWS Nitro System is the underlying platform for our next generation of EC2 instances that enables AWS to innovate faster, further reduce cost for our customers, and deliver added benefits like increased security and new instance types.

AWS has completely re-imagined our virtualization infrastructure. Traditionally, hypervisors protect the physical hardware and bios, virtualize the CPU, storage, networking, and provide a rich set of management capabilities. With the Nitro System, we are able to break apart those functions, offload them to dedicated hardware and software, and reduce costs by delivering practically all of the resources of a server to your instances.

Deep Dive Into AWS Nitro System (49:37)

Coming Soon in 2022: NitroTPM, a security and compatibility feature that makes it easier for customers to use applications and operating system capabilities that depend on trusted platform modules (TPMs) in their EC2 instances.

Benefits

Faster innovation

The Nitro System is a rich collection of building blocks that can be assembled in many different ways, giving us the flexibility to design and rapidly deliver EC2 instance types with an ever-broadening selection of compute, storage, memory, and networking options.  This innovation also leads to bare metal instances where customers can bring their own hypervisor or have no hypervisor.

Enhanced security

The Nitro System provides enhanced security that continuously monitors, protects, and verifies the instance hardware and firmware.  Virtualization resources are offloaded to dedicated hardware and software minimizing the attack surface. Finally, Nitro System's security model is locked down and prohibits administrative access, eliminating the possibility of human error and tampering.

Better performance and price

The Nitro System delivers practically all of the compute and memory resources of the host hardware to your instances resulting in better overall performance.  Additionally, dedicated Nitro Cards enable high speed networking, high speed EBS, and I/O acceleration.  Not having to hold back resources for management software means more savings that can be passed on to the customer.

Support for previous generation instances

AWS Nitro System supports previous generation EC2 instances to extend the length of service beyond the typical lifetime of underlying hardware. The AWS Nitro System provides modern hardware and software components for EC2 instances, allowing customers to continue running their workloads on the instance families they were built on.

Key Features

Nitro Cards

_WEB_Nitro_Cards_Illustration_Color_130x100

The Nitro Cards are a family of cards that offloads and accelerates IO for functions, ultimately increasing overall system performance.  Key cards include Nitro Card for VPC, Nitro Card for EBS, Nitro Card for Instance Storage, Nitro Card Controller, and Nitro Security Chip.

Nitro Security Chip

_WEB_Nitro_Security_Illustration_Color_130x100

The Nitro Security Chip enables the most secure cloud platform with a minimized attack surface as virtualization and security functions are offloaded to dedicated hardware and software. Additionally, a locked down security model prohibits all administrative access, including those of Amazon employees, eliminating the possibility of human error and tampering.

Nitro Hypervisor

_WEB_Nitro_Hypervisor_Illustration_Color_130x100

The Nitro Hypervisor is a lightweight hypervisor that manages memory and CPU allocation and delivers performance that is indistinguishable from bare metal.

AWS Nitro Enclaves

_WEB_Nitro_Enclaves_Illustration_Color_130x100

AWS Nitro Enclaves enables customers to create isolated compute environments to further protect and securely process highly sensitive data such as personally identifiable information (PII), healthcare, financial, and intellectual property data within their Amazon EC2 instances. Nitro Enclaves uses the same Nitro Hypervisor technology that provides CPU and memory isolation for EC2 instances.

Learn More »

NitroTPM (Coming soon in 2022)

NitroTPM_Icon

NitroTPM, a Trusted Platform Module (TPM) 2.0, is a security and compatibility feature that makes it easier for customers to use applications and operating system capabilities that depend on TPMs in their EC2 instances. It conforms to the TPM 2.0 specification, which makes it easy to migrate existing on-premises workloads that use TPM functionalities to EC2. NitroTPM provides a secure cryptographic offload using the AWS Nitro System, and allows EC2 instances to generate, store, and use keys without having access to the same keys. NitroTPM can also provide a cryptographic proof of your instances' integrity via TPM attestation mechanisms.

Get started with AWS

Step 1

Sign up for an AWS account

Instantly get access to the AWS Free Tier.
Step 2

Learn with 10-minute Tutorials

Explore and learn with simple tutorials.
Step 3

Start building with AWS

Begin building with step-by-step guides to help you launch your AWS project.

Try Amazon EC2 for Free! 

Click here to try for free

AWS Free Tier includes 750 hours of Linux and Windows t2.micro instances each month for one year. To stay within the Free Tier, use only EC2 Micro instances. View AWS Free Tier details >>

Ready to get started?
Sign up
Have more questions?
Contact us